This week on the podcast, we have our resident ransomware expert, Ryan Estes, on to give an update on the latest in the ransomware ecosystem. We cover a few recent changes to operators, extortion techniques, and business impact from ransomware attacks in recent months.

This week on the podcast, we discuss the wave of extortion attacks targeting companies that use Salesforce. After that, we discuss Discord's breach involving their customer support application. Finally, we dive deep into the recent Oracle E-Business Suite zero day vulnerability and how attackers chained together multiple low-severity findings into a critical issue.

This week on the podcast, we bring on WatchGuard's head of MDR data science Luke Wolcott to discuss the evolution of machine learning and artificial intelligence in cybersecurity. We dive into the differences in common (and uncommon) machine learning models, the pros and cons of supervised vs unsupervised learning, and why some of the coolest things happening in AI aren't the ones you hear about in the news.

This week on the podcast, we discuss Cisco's recent zero-day vulnerabilities before covering a Microsoft Threat Intelligence post on a phishing campaign that abuses SVG files. After that, we review GitHub's proposed changes for securing the open source software supply chain.

This week on the podcast, we cover a vulnerability in Entra ID that could have allowed attackers to gain Global Admin access to any and all Entra ID tenants. After that, we discuss the Shai Hulud NPM worm that ran rampant over the last week, infecting hundreds of packages. Finally, we end with a quick reminder to WatchGuard Firebox customers to update their devices to the latest firmware to resolve CVE-2025-9242z

This week on the podcast, we cover a massive software supply chain compromise involving widely-used NPM packages. After that we discuss an increase in social engineering attacks called ClickFix. Finally, we end with a discussion of Senator Wyden's recent letter to the FTC demanding Microsoft being held accountable for "gross cybersecurity negligence" and whether his claims have any merit.

This week on the podcast, we discuss a recently published research study from UC San Diego on the effectiveness on security awareness training on phishing prevention. After that, we discuss a security researcher's work on identifying vulnerabilities in four separate employee webapps at Intel. Finally, we end with our analysis of a Ponemon Institute research report called The State of File Security.

This week on the podcast, we discuss key findings from IBM and the Ponemon Institute's 2025 Cost of a Breach Report, including a deep analysis of AI impacts in cybersecurity. Before that, we cover Norway's claim that Russian-aligned hackers opened a floodgate in one of their dams. We also discuss a vulnerability in Microsoft 365 Copilot that allowed the AI to delete its own audit logs.

This week on the podcast, we discuss key findings from a DefCon presentation from researchers at AmberWolf titled ZeroTrust, Total Bust and what it means for Zero Trust Network Access. After that, we review a new vulnerability in the FortiWeb WAF before ending with a quick update from Google Project Zero on a new vulnerability disclosure policy.

This week on the podcast, we discuss some recent research into a new zero day vulnerability in the popular WinRAR utility under active exploit. After that, we give a round up on everything we know about the SonicWall SSLVPN attacks from the last few weeks before ending with a review of a new ChatGPT vulnerability.

This week, we discuss the SharePoint ToolShell vulnerabilities that recently received an out-of-cycle patch from Microsoft. After that, we cover some research into a Chrome and Edge extension malware campaign that impacted 2.3 million victims. Finally, we end by discussing a lawsuit from Clorox against their offshore helpdesk provider Cognizant stemming from a security incident 2 years ago.

This week on the podcast, Corey Nachreiner and guest host, Ryan Estes, from WatchGuard’s malware analysis team, cover the cybersecurity news for last week. We chat about AI-based site cloaking tools on the underground, how Domain Tools found potentially unwanted executables hiding in DNS TXT records, and a Chinese state-sponsored set of targeted phishing campaigns going after the Taiwanese semiconductor industry and its supply chain. Join us to learn more and discuss how we can protect ourselves from similar threats. 

This week on the podcast, Corey Nachreiner and guest host, Ryan Estes, from WatchGuard’s malware analysis team, explore WatchGuard’s recently released Q1 Internet Security Report (ISR). As always with the ISR, we highlight the top malware, network attacks, and malicious domains that our products see, but with our guest host, the author of the Endpoint section, we dive much deeper into all the threats arriving a our customers’ endpoint. Listen in for the latest threat landscape trends and some practical tips to stay safe from the most recent threats.

First, we look back at Microsoft’s major shift to remove endpoint protection from the Windows kernel. When we first covered it, it was a proposed change—now it's happening, and the implications are big. Next, we revisit a segment on GPT-4o and how generative AI is fueling the next wave of social engineering attacks. It's smarter, faster, and more convincing than ever. And finally, a refresher on the arrest of a Scattered Spider leader. While that made headlines, the group's activity hasn’t slowed down, they're still very much on the radar, as we discussed just last week.

This week, we discuss a phishing technique that uses a powerful and risky Microsoft 365 configuration setting. After that, we round up everything we know about the Marks & Spencer breach from April and the lessons that all MSPs can learn from it. After that, we quickly cover a new series of vulnerabilities in a popular Bluetooth chipset that could let attackers gain full control over your headphones.

This week on the podcast, we cover a recent blog post from Google's Threat Intelligence Group on a financially motiviated threat actor's latest techniques for stealing data. After that, we dive into the Model Context Protocol (MPC) that organizations have been rapidly adopting to add functionality to their AI deployments and all of the security risks that it introduces.

This week on the podcast, recent guest Adam Winston hops back on to continue our discussion on Artificial Intelligence in cybersecurity. This week, we focus on how attackers are using AI, what to worry about and what not to lose sleep over, and guidance for evaluating AI for use within your own organization.

This week on the podcast, we cover Coinbase's recent filing with the SEC that described an insider threat event that lead to a ransomware extortion. After that, we discuss dive in to Signal and other secure messaging apps, how they protect communications, and how other apps can undermine those protections.

This week on the podcast, we bring on Ryan Estes from the WatchGuard Threat Lab to discuss the latest trends in ransomware operations. Ryan is an expert in ransomware analysis and currently owns the data behind WatchGuard's public Ransomware Tracker on the WatchGuard Security Center.

This week on the podcast, we bring in Adam Winston, former CSO of ActZero and current Field CTO for Managed Services at WatchGuard to discuss automating the SOC with AI. We cover the history of AI in SecOps, the good and bad applications of AI and Machine Learning, what the future looks like, and how compliance might impact our ability to get there.